The rapid integration of rapidly developing semiconductor technologies into our daily lives in the twentieth century has brought about changes in the infrastructure used in the processing and management of information. Rapid developments in information and communication technologies and the innovations offered to the world by these developments have led to the emergence of a new concept called informatics. This virtual world, which is formed in line with the opportunities offered by the Internet and technological development and which has no time and space limitations, is called cyberspace. The ease of communication in cyberspace and the formation of important gaps in terms of security cause cyber threats and attacks.
Cyber threats and attacks can be made to control systems through physical infrastructure or internet networks. Cyber-attacks can take place between countries as well as between individuals, terrorist organisations or illegal organisations. However, it may not be possible to respond to every cyber attack activity in accordance with the principle of reciprocity. At this point, questions arise as to how the concept of reciprocity, which is defined as the principle of responding in a similar way to the behaviour that is exposed in the international diplomatic arena, will be reciprocated in cyberspace.
When talking about national information security, what is understood by this term is not only the information created in line with the national interests of the state, but also the protection of all kinds of commercial information in a broader sense. Threats that may occur in the cyber environment are carried out against the military, political and economic dimensions that form the basis of national security. Cyber wars, which are considered as a type of asymmetric warfare, can be applied both as a reinforcement to classical wars and as a war method alone.
The military target of cyber wars is usually the critical information processing facilities of countries. Cyber terrorists can open the dam gates of the information systems of countries, take over air traffic control systems and cause aircraft crashes, infiltrate the automation systems of food factories, change food formulas and cause mass deaths. Cyber attacks have become a serious national security problem as they directly affect public order, create an atmosphere of fear and terror similar to a classical terrorist act, and paralyse social life in an instant.
Such asymmetric character of cyber risks and threats makes it difficult to combat cyber threats. Both the economic losses caused by cyber attacks and the costs of investments made to prevent cyber attacks are increasing. However, it cannot be said that cyber security is absolutely ensured. Instead, the possibility of keeping cyber security risks at manageable and acceptable levels and how the principle of reciprocity can be applied in case of attack are discussed. However, it is not possible to respond to every cyber-attack activity in accordance with the principle of reciprocity. How the principle of reciprocity, which is defined in international diplomacy as the right of the parties to respond in a similar or equivalent manner to the behaviour they are subjected to, can be applied in cyber-attacks is an open-ended question.
The issue of how to reconcile the concepts of use of force and self-defence, which are frequently mentioned with the concept of conventional warfare, with cyber attacks is one of the most important problems to be solved regarding the law of cyber warfare. The second article of the United Nations Charter is the most fundamental article regulating the prohibition of the use of force in today’s conditions. The article in question is as follows:
“All Members shall refrain in their international relations from resorting to the threat or use of force, whether against the territorial integrity or political independence of another State or in a manner incompatible with the purposes of the United Nations”.
The concept of force used in this article includes only the use of armed force and does not include political and economic measures. For this reason, experts do not consider this article as a kind of international custom, but rather as impermissible. There are two important exceptions to the prohibition of the use of force. The first exception is that if the United Nations Security Council (UNSC) determines that there is an attack that threatens peace in the international arena, member states may resort to the use of force against another country under Chapter VII of the relevant convention. This exception is a consequence of the fact that the UNSC is recognised as the competent body for the maintenance of peace and security in the international arena in accordance with Article twenty-four. The second exception is recognised as the Right of Self-Defence. The Right of Self-Defence is clearly defined in Article 51 of the relevant treaty and has also taken its place in customary international law. According to this article, no provision of the relevant treaty shall prejudice the individual or collective Right of Self-Defence of a member state in the event of an armed attack on one of the member states until the measures deemed necessary for the maintenance of peace and security in the international arena are taken. The measures taken by the member states in the exercise of this right are reported to the UNSC, and the UNSC’s powers and duties continue in order to restore peace and security in accordance with the agreement.
It is not as easy to determine when and from where cyber-attacks are carried out as physical attacks. In this case, even if it is assumed that the affected country has the right of self-defence, the response to be given within the scope of this right does not meet the criteria of urgency and necessity and therefore does not give the right of self-defence against the attacker. The fact that cyber attacks are carried out simultaneously makes it difficult to determine the purpose or identity of the attackers. Due to this difficulty, the international system limits the self-defence options available to countries and makes it difficult to respond effectively without violating the rules of international law. It should not be forgotten that restricting a country’s right of self-defence may encourage other countries, individuals and terrorist organisations to carry out increasingly harsh and violent cyber-attacks. For all these reasons, the entry into force of a more inclusive agreement, not only regionally but also globally, will determine the rules of the law of cyber warfare and the principles of reciprocity through whether states are parties to this convention or not. An urgent and comprehensive study on this issue by all international law subjects, especially the UN, will prevent possible international crises.